Skip to content

chore: update postgres (16.3 -> 16.4) #467

chore: update postgres (16.3 -> 16.4)

chore: update postgres (16.3 -> 16.4) #467

Workflow file for this run

---
# yamllint disable rule:line-length
name: Lint all
# yamllint disable-line rule:truthy
on:
pull_request:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
lint:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
fetch-depth: 1
- name: Determine what files types have changed
id: changed-files-yaml
uses: tj-actions/changed-files@c65cd883420fd2eb864698a825fc4162dd94482c # v44
with:
files_yaml: |
actions:
- .github/workflows/**
- .shellcheckrc
renovate:
- .github/renovate.json
- .github/renovate/**
terraform:
- '**.tf'
- '**/.terraform-version'
- '**/.terraform.lock.hcl'
- '.tflint.hcl'
docker:
- '**/Dockerfile'
- '.hadolint.yaml'
- name: Setup poetry
run: pipx install poetry==$POETRY_VERSION
env:
# renovate: datasource=pypi depName=poetry
POETRY_VERSION: "1.8.3"
- name: Set up python
uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5
with:
python-version: '3.12'
cache: 'poetry'
- name: Set up node
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4
with:
node-version-file: '.node-version'
cache: 'npm'
cache-dependency-path: 'package-lock.json'
- name: Setup tflint
uses: terraform-linters/setup-tflint@19a52fbac37dacb22a09518e4ef6ee234f2d4987 # v4
- name: Cache pre-commit hooks
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: ~/.cache/pre-commit/
key: pre-commit|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }}
- name: Install python requirements
run: |
poetry --version
poetry install --no-interaction
poetry env info
- name: Install node packages
run: npm ci --no-fund --no-audit
- name: Install pre-commit hooks
run: poetry run pre-commit install --install-hooks --hook-type pre-commit
- name: check-added-large-files
run: poetry run pre-commit run --all-files --color=always check-added-large-files
- name: check-executables-have-shebangs
if: success() || failure()
run: poetry run pre-commit run --all-files --color=always check-executables-have-shebangs
- name: check-json
if: success() || failure()
run: poetry run pre-commit run --all-files --color=always check-json
- name: detect-private-key
if: success() || failure()
run: poetry run pre-commit run --all-files --color=always detect-private-key
- name: end-of-file-fixer
if: success() || failure()
run: poetry run pre-commit run --all-files --color=always end-of-file-fixer
- name: forbid-new-submodules
if: success() || failure()
run: poetry run pre-commit run --all-files --color=always forbid-new-submodules
- name: mixed-line-ending
if: success() || failure()
run: poetry run pre-commit run --all-files --color=always mixed-line-ending
- name: trailing-whitespace
if: success() || failure()
run: poetry run pre-commit run --all-files --color=always trailing-whitespace
- name: shellcheck
if: success() || failure()
run: poetry run pre-commit run --all-files --color=always shellcheck
- name: terraform-fmt
if: (success() || failure()) && (steps.changed-files-yaml.outputs.terraform_any_changed == 'true' || github.event_name == 'workflow_dispatch')
run: poetry run pre-commit run --all-files --color=always terraform-fmt
- name: terraform-validate
if: (success() || failure()) && (steps.changed-files-yaml.outputs.terraform_any_changed == 'true' || github.event_name == 'workflow_dispatch')
run: poetry run pre-commit run --all-files --color=always terraform-validate
- name: tflint
if: (success() || failure()) && (steps.changed-files-yaml.outputs.terraform_any_changed == 'true' || github.event_name == 'workflow_dispatch')
run: poetry run pre-commit run --all-files --color=always tflint
- name: hadolint
if: (success() || failure()) && (steps.changed-files-yaml.outputs.docker_any_changed == 'true' || github.event_name == 'workflow_dispatch')
uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
with:
dockerfile: "Dockerfile"
recursive: true
failure-threshold: warning
config: .hadolint.yaml
- name: yamllint
if: success() || failure()
run: poetry run yamllint -c .yamllint --strict --format github .
- name: actionlint
if: (success() || failure()) && (steps.changed-files-yaml.outputs.actions_any_changed == 'true' || github.event_name == 'workflow_dispatch')
shell: bash
run: |
[[ "$RUNNER_ARCH" == "ARM64" ]] && export PKG_ARCH=arm64 || export PKG_ARCH=amd64
wget --quiet -c https://github.com/rhysd/actionlint/releases/download/v${ACTIONLINT_VERSION}/actionlint_${ACTIONLINT_VERSION}_linux_${PKG_ARCH}.tar.gz -O /tmp/actionlint.tar.gz
tar -xzf /tmp/actionlint.tar.gz -C /tmp
sudo install -o root -g root -m 0755 /tmp/actionlint /usr/local/sbin/actionlint
set -x
actionlint -shellcheck "shellcheck -c .shellcheckrc"
env:
# renovate: datasource=github-releases depName=rhysd/actionlint
ACTIONLINT_VERSION: "1.7.1"
- name: commitlint
if: (success() || failure()) && (github.event_name == 'pull_request')
run: npx commitlint --color --from ${{ github.event.pull_request.head.sha }}~${{ github.event.pull_request.commits }} --to ${{ github.event.pull_request.head.sha }} --verbose
- name: validate-renovate-config
if: (success() || failure()) && (steps.changed-files-yaml.outputs.renovate_any_changed == 'true' || github.event_name == 'workflow_dispatch')
shell: bash
# yamllint disable-line rule:indentation
run: |
npm install --no-fund --no-audit renovate
echo "Validating renovate main configuration..."
echo ".github/renovate.json:"
npx --yes --package renovate -- renovate-config-validator .github/renovate.json | pr -t -o 4
echo
echo "Validating renovate sub configuration..."
for rc in $(find .github/renovate -type f -name '*.json' | sort); do
echo "${rc}:"
npx --yes --package renovate -- renovate-config-validator ${rc} | pr -t -o 4
done